Mail services, package delivery, and cargo logistics are at the core of Posti's business. The company delivers over 44 million customer packages yearly, and over 1.4 million consumers currently use Posti's digital services. The private content of their services requires Posti to use strong authentication to identify their customers. Existing options for strong digital authentication include Finnish Bank Authentication, Mobile ID, and the Finnish ID card with a digital chip.Current authentication methods do not support the digitalization opportunities. For instance, when someone needs to retrieve a package from the post office on behalf of a recipient, they still need a signed piece of paper from the recipient. Currently, there is no reasonable way to do this electronically for three reasons. Firstly, the user experience of the current authentication methods is not consistent and easily adaptable to Posti's own services. Secondly, the presently used authentication methods do not support electronic authentication at a physical service point, and the third reason is that we do not have a centralized company-specific authorization service in our society where the authorization can be transferred between individuals within certain limits."Currently, Posti cannot identify persons online or in the physical service points with sufficient effectiveness or cost-efficiency. Different players in the logistics environment need a commonly used digital authentication solution that could connect an individual to all services, rights, and personal data of the person," says Raine Westerholm, Head of Payment Services, Digital Commerce at Posti.Posti conducted a pilot in the Sandbox of Trust project, where SisuID was used to solve these authentication issues. The pilot also focused on solving the traditionally costly and complicated process of registering and delivering a strong authentication method in the following matters:SisuID holds the necessary information about the user's verified identity. Therefore, users could use the SisuID authentication app to verify their age when retrieving a package from Posti's self-service parcel locker.Within the pilot, a concept was created where Posti would serve as a digital identity and authentication method registration point. For example, Posti could provide a specific authentication kiosk, where users could take a selfie and use an electronic reader to verify authenticity of their passport or ID-card. After that, the person could be registered with a digital identity and the person could activate a SisuID mobile authentication application there on the spot as a self-service. Optionally, users could go to a post office to show their passport to a clerk, who would use a passport reader to verify the authenticity of the passport and enroll the users in SisuID.The simple use case of logging into online services was also tested, where the user could use the SisuID mobile app to authenticate access to Posti's services instead of using a password. When logging in the first time, the SisuID was linked to the user's Posti account. The user's identity could now be connected to the same SisuID and to other service providers' user accounts with the user's consent.For example: When a strongly authenticated user fills in a notice of move to Posti, the person could invite tenders and sign a home insurance contract without a separate authentication to access the insurance company's service. Or the person can give a consent to Posti to supply the provided information, for example to the home insurance providers. When the user then activates SisuID to login to an insurance company's services, the insurance company could retrieve the user's contact information and home address from Posti's service using the SisuID identifier.Posti has its own OmaPosti mobile application, where the users can, for example, pay invoices. For invoice approval, the user needs to use strong authentication, which should be easy to ensure a fluid payment process. With the new PSD2 (Payment Services Directive), the Oma Posti app could use SisuID as a strong authentication mechanism to approve transactions. Posti could then transfer the payment directly from the user's bank account.If SisuID receives the necessary funding to start production, Posti will join the to-be established SisuID cooperative. Posti will also provide support for the adoption of SisuID with user registrations from their own clientele. This helps to ensure that the maximum number of Finnish citizens and foreigners will have SisuID in their pockets already in 2020. Posti sees that with a new cost-efficient and user-friendly authentication mechanism, their digitalization goals will be much easier to pursue."The Sandbox of Trust initiative is rapidly developing SisuID through pilot projects. We have major public and private players involved in testing their requirements for the new authentication application. SisuID is expected to be rolled out to production in early 2020," says Joonatan Henriksson, Head of Digital Business at Nixu Corporation.
Finland’s Posti in digital ID pilot
